package com.quan.TemplateEditor.service;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
//@EnableWebSecurity
public class MyWebSecurityConfig{
        //extends WebSecurityConfigurerAdapter
    //明文加密器,只需要在内存中有这个管理对象,如果不添加，从前端登录时会抛出异常
    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        // auth.userDetailsService(myUserDetailsService());
//        //auth可以决定user对象的来源,可以是内存,也可以是
//        //自定义从数据库读取的数据
//        auth.inMemoryAuthentication()
//                .withUser("user")
//                .password("123456")
//                //.roles("guest")//底层ROLE_guest权限
//                .authorities("read", "ROLE_guest");
//        //roles 和authorities本质底层都是设置的权限
//        //在内存用户定义时,同时存在,下面的方法值会覆盖上面的
//        auth.inMemoryAuthentication()
//                .withUser("admin")
//                .password("123456")
//                .roles("administrator", "guest")
//                .authorities("read", "write", "delete", "update", "ROLE_administrator", "ROLE_guest");
//    }

}